-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2004-01-26 Security Update 2004-01-26 Security Update 2004-01-26 is now available. It contains security enhancements for the following: AFP Server: Improves AFP over the 2003-12-19 security update. Apache 1.3: Fixes CAN-2003-0542, a buffer overflow in the mod_alias and mod_rewrite modules of the Apache webserver. Apache 2: Fixes CAN-2003-0542 and CAN-2003-0789 by updating Apache 2.0.47 to 2.0.48. Installed only on Server systems. Classic: Fixes CAN-2004-0089 to improve the handling of environment variables. Credit to Dave G. of @stake for reporting this issue. Mail: Fixes CAN-2004-0085 and CAN-2004-0086 to deliver security enhancements to Apple's mail application. Credit to Jim Roepcke for reporting CAN-2004-0086. Safari: Fixes CAN-2004-0092 by delivering security enhancements to the Safari web browser. System Configuration: Fixes CAN-2004-0087 and CAN-2004-0088 where the SystemConfiguration subsystem allowed remote non-admin users to change network setting and make configuration changes to configd. Credit to Dave G. from @stake for reporting these issues. Windows File Sharing: Fixes CAN-2004-0090 where Windows file sharing did not shutdown properly. ================================================ Security Update 2004-01-26 is available for the following systems: - Mac OS X 10.1.5 "Puma" and Mac OS X Server 10.1.5 - Mac OS X 10.2.8 "Jaguar" and Mac OS X Server 10.2.8 - Mac OS X 10.3.2 "Panther" and Mac OS X Server 10.3.2 The Security Updates web page indicates which fixes are available for each system, as not all issues apply to each system. Security Update 2003-12-19 has been incorporated into this security update for the Jaguar and Panther systems. ================================================ Security Update 2004-01-26 may be obtained from: * Software Update pane in System Preferences * Apple's Software Downloads web site: Mac OS X 10.3.2 Client ====================== http://www.info.apple.com/kbnum/n120301 The download file is named: "SecurityUpd2004-01-26Pan.dmg" Its SHA-1 digest is: 8977b3420a6343d53b79f23c409a601d269d87a4 Mac OS X 10.3.2 Server ====================== http://www.info.apple.com/kbnum/n120300 The download file is named: "SecUpdSrvr2004-01-26Pan.dmg" Its SHA-1 digest is: 15bfa92c439c6fee1e690703359778cefabf58d7 Mac OS X 10.2.8 Client ====================== http://www.info.apple.com/kbnum/n120302 The download file is named: "SecurityUpd2004-01-26Jag.dmg" Its SHA-1 digest is: 365401ca71387a45a34ecab5ec7278b62e3089b3 Mac OS X 10.2.8 Server ====================== http://www.info.apple.com/kbnum/n120304 The download file is named: "SecUpdSrvr2004-01-26Jag.dmg" Its SHA-1 digest is: 605578cbf0d6005ee5f6b474026b908e47175268 Mac OS X 10.1.5 Client and Server ================================= http://www.info.apple.com/kbnum/n120303 The download file is named: "SecurityUpd2004-01-26P.dmg" Its SHA-1 digest is: 7c7f55d675a19957bce3c5aeaa985652a8c59d7b Information will also be posted to the Apple Product Security web site: http://www.apple.com/support/security/security_updates.html This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/security_pgp.html -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQEVAwUBQBWwCneI0z6bzFr0AQJq2gf9EnXdvmQv32/FEQ7oD2SMr1CRURt8obxD /71SE+DFNS07eO8UzExNRy490hkTb8sXEpp9jeDu7hTR00ZH4FpzDX0Ydn5x/LGJ b/wG2w9WgjVjdBKhykANAb8Pomnrm8sTzQvpfXyQmHr9q7Qt5Idcs7pjaU3UK2J4 gAhe48cBdxktBgjktoNHpZ13oF24yVUi4D0PDEdiab4ZDjJu16sox72+1Us/4cEI xG5womXWxNXV9iF4wQeubEmsgOG+xKA++wY0At204AyR4i2UCPkynZIB7VvJh+nV js+l4Ry02jtC+Nj50np3mPRvmLZiaC+zJeB8Vdap7m3yKTwLZ8gpFw== =2ecE -----END PGP SIGNATURE----- _______________________________________________ security-announce mailing list | security-announce@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce Do not post admin requests to the list. They will be ignored.